Restructure tea skill into a plugin with a mandatory-login guard

Convert the standalone `tea` skill into a skills-dir plugin so commands are
namespaced and an enforcement hook can ship with it:

- /tea:login  — pin the project Gitea login into .claude/settings.local.json
- /tea:use    — tea CLI reference (was the old root SKILL.md), with the
                login rule slimmed since the hook now enforces it
- hooks/tea-guard.sh — PreToolUse(Bash) guard: blocks any `tea` command that
  touches Gitea unless it carries --login and $GITEA_LOGIN is set. Exempts
  `tea logins list` and `tea --version/--help` so /tea:login can bootstrap.

References moved under skills/use/references/. `claude plugin validate` passes;
guard unit-tested across allow/block cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

skills/use/references/tea/setup.md

@@ -0,0 +1,19 @@
+# tea CLI — SETUP
+
+See [`./index.md`](./index.md) for global options and common flags shared by all commands.
+
+## `tea logins` (alias: `login`)
+- `list, ls`
+- `add` — interactive when called without args. `--name/-n`, `--url/-u` (`$GITEA_SERVER_URL`), `--token/-t` (`$GITEA_SERVER_TOKEN`), `--user` (`$GITEA_SERVER_USER`), `--password/--pwd` (`$GITEA_SERVER_PASSWORD`), `--otp` (`$GITEA_SERVER_OTP`), `--scopes` (`$GITEA_SCOPES`), `--ssh-key/-s`, `--ssh-agent-principal/-c`, `--ssh-agent-key/-a`, `--insecure/-i`, `--no-version-check/--nv`, `--helper/-j`, `--oauth/-o` (plus `--client-id`, `--redirect-url`).
+- `edit, e` — interactive.
+- `delete, rm <name>`
+- `default [<login>]` — get or set the default login.
+- `oauth-refresh [<login>]` — refresh an OAuth token (opens browser if the refresh token is also expired).
+
+## `tea logout <name>`
+Remove a stored login.
+
+## `tea ssh-keys` (alias: `ssh-key`)
+- `list, ls`
+- `add <key-file>` — `--title/-t` (defaults to filename without extension).
+- `delete, rm <key-id>` — `--confirm/-y`.